Enterprise-grade gateway for AI — Secure, audit, and govern every AI API call and MCP tool invocation across your organization.
Just as an SSH bastion host is the single gateway through which all server access must flow, ThinkWatch is the single gateway through which all AI access must flow.
Every model request. Every tool call. Every token. Authenticated, authorized, rate-limited, logged, and accounted for.
As AI agents proliferate across engineering teams, organizations face a growing governance challenge — API keys scattered everywhere, zero visibility into usage, no access control, compliance gaps, and cost surprises. ThinkWatch solves all of this with a single deployment.

```
                   ┌──────────────────────────────────────┐
Claude Code ──────>│                                      │──> OpenAI
Cursor ───────────>│            Gateway :3000             │──> Anthropic
Custom Agent ─────>│      AI API + MCP Unified Proxy      │──> Google Gemini
CI/CD Pipeline ───>│                                      │──> Azure OpenAI / AWS Bedrock
                   └──────────────────────────────────────┘

                   ┌──────────────────────────────────────┐
Admin Browser ────>│            Console :3001             │
                   │      Management UI + Admin API       │
                   └──────────────────────────────────────┘
```


| Feature | Description |
|---|---|
| 🔑 Virtual API Keys | Issue scoped `tw-` keys per team, project, or developer. Automatic rotation with grace periods, inactivity timeout, and expiry warnings. |
| 🔀 Multi-Provider Routing | OpenAI, Anthropic, Google Gemini, Azure OpenAI, AWS Bedrock — all behind a single unified endpoint. Drop-in replacement for Cursor, Cline, Claude Code, and OpenAI/Anthropic SDKs. |
| 🛠️ MCP Gateway | Centralized tool proxy with namespace isolation (github__create_issue, postgres__query), tool-level RBAC, and full audit trail for every invocation. |
| 💰 Cost Tracking | Per-model pricing with budget alerts, team attribution, and month-to-date spend analytics. No more unexplained AI bills. |
| 🔒 RBAC & SSO | 5-tier role-based access control (Super Admin → Viewer). Plug into Zitadel, Okta, Azure AD, or any OIDC provider. |
| 📋 Audit Logs | Full-text searchable audit trail powered by Quickwit with S3-backed cloud-native storage. Forward to any SIEM via Syslog, Kafka, or HTTP webhook. |
| ⚡ Rate Limiting | Sliding-window RPM/TPM limits via Redis, per key or per user. Built-in circuit breaker with configurable threshold and retry backoff. |
| 📈 Prometheus Metrics | Ready-to-use /metrics endpoint with request counts, latency histograms, token totals, rate limit stats, and circuit breaker state. |
| 🛡️ Security-First Design | AES-256-GCM encryption at rest, distroless containers (2 MB runtime), dual-port architecture, CSP headers, and SHA-256 key hashing. |
| 🔧 Dynamic Configuration | Web UI settings console, first-run setup wizard, built-in configuration guide for popular AI clients, and multi-instance sync via Redis Pub/Sub. |

```bash
# 1. Start infrastructure (PostgreSQL, Redis, Quickwit, Zitadel)
docker compose -f deploy/docker-compose.dev.yml up -d

# 2. Configure and start the backend (Gateway :3000 + Console :3001)
cp .env.example .env
cargo run -p think-watch-server

# 3. Start the frontend dev server
cd web && pnpm install && pnpm dev

# 4. Complete the setup wizard at http://localhost:5173/setup
```

| Layer | Technology |
|---|---|
| Backend | Rust · Axum 0.8 · SQLx 0.8 · OpenTelemetry |
| Frontend | React 19 · TypeScript 6 · Vite 8 · shadcn/ui · Tailwind CSS 4 |
| Database | PostgreSQL 18 |
| Cache & Rate Limiting | Redis 8 |
| Audit Log Search | Quickwit 0.8 (S3-backed, cloud-native) |
| Object Storage | AWS S3 / GCS / Azure Blob / RustFS (S3-compatible) |
| SSO | Zitadel (or any OIDC provider) |
| Containers | Distroless · Helm Chart for Kubernetes |

| Port | Server | Exposure | Purpose |
|---|---|---|---|
| 3000 | Gateway | Public — expose to AI clients | `/v1/chat/completions`, `/v1/messages`, `/v1/responses`, `/mcp`, `/metrics`, `/health/*` |
| 3001 | Console | Internal — behind VPN/firewall | `/api/*` management endpoints · Web UI |

In production, only port 3000 should be reachable from the internet. Port 3001 should be restricted to your admin network.
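
The exposure rule above, turned into a host-side check. This is an added example, not code from the ThinkWatch repository: it reads `ss -H -tln` output and flags a listener on console port 3001 that is bound to a wildcard address, since such a bind leaves a firewall or network policy as the only restriction. The function names and the sample socket lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit listening sockets against the two-port exposure rule.
# Assumed input format: output of `ss -H -tln` (Linux iproute2).

GATEWAY_PORT=3000   # public, per the port table
CONSOLE_PORT=3001   # internal only, per the port table

# Reads `ss -H -tln` lines on stdin; prints one finding per relevant socket.
audit_listeners() {
  awk -v gw="$GATEWAY_PORT" -v con="$CONSOLE_PORT" '
    $1 == "LISTEN" {
      # Field 4 is local address:port; the port follows the last colon,
      # which also handles bracketed IPv6 such as [::]:3001.
      n = split($4, parts, ":")
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      wildcard = (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
      if (port == con && wildcard)
        printf "WARN console %s binds all interfaces; restrict by bind address or firewall\n", $4
      else if (port == con)
        printf "OK   console %s bound to a specific address\n", $4
      else if (port == gw)
        printf "INFO gateway %s listening\n", $4
    }'
}

# Exit status 0 when no console listener is on a wildcard address, 1 otherwise.
console_is_restricted() {
  ! audit_listeners | grep -q '^WARN'
}

# Constructed sample input (not captured from a real host).
SAMPLE_BAD='LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 4096 [::]:3001 [::]:*'
SAMPLE_GOOD='LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 4096 10.20.0.5:3001 0.0.0.0:*'

printf '%s\n' "$SAMPLE_BAD"  | audit_listeners
printf '%s\n' "$SAMPLE_GOOD" | audit_listeners
# On a live host: ss -H -tln | audit_listeners
```

A clean result here only covers the bind address on that host; reachability from outside still needs to be confirmed at the firewall or load balancer.
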
| Repository | Description |
|---|---|
| ThinkWatchProject/ThinkWatch | 🛡️ Core platform — AI gateway server, proxy, MCP proxy, and web console (Rust + React) |
ThinkWatch is source-available under the Business Source License 1.1.
Non-production use is free. Production use is free up to 10,000,000 Billable Tokens and 10,000 MCP Tool Calls per UTC calendar month.
See LICENSING.md for full details, tiering model, and the changeover to GPL-2.0-or-later.
Made with ❤️ for AI-native engineering teams